Saturday, December 19, 2015

Phishing emails have been around on the internet for some time, and can be very deceptive in their methods. Usually these are in the form of various fraudulent emails. The goal of these emails is, at a minimum, to get you to click on a link; others try to get you to enter your private PayPal and banking info.

Many times these emails are obviously a phishing scam, and other times they can be very subtle and not appear at first to be a phishing attempt.

Emails from people in Africa wanting to give you millions of dollars are obviously a scam, and most people dismiss these outright. Unfortunately, these emails operate on the principle that a sucker is born every minute: even if 999 people out of every 1000 dismiss these emails, it only takes that 1 gullible person for the scam to work. Since emails can be mass emailed to tens of thousands and even hundreds of thousands of people in only seconds, there only need to be a few gullible suckers for the scheme to pay off for the criminals. Large lists of people's emails are openly traded on internet black markets, and this is where the criminals get the email addresses from.

Other emails are more subtle. Crafty computer criminals have been known to create seemingly legitimate emails, often listing a news story related to the industry the targeted person works in, with a link for the targeted person to click on to see the "full" story. This scheme was successfully used by the now imprisoned cybercriminal Max Butler, who crafted a fake story related to the financial industry and then emailed the story to employees of Citibank. When the Citibank employees clicked on the link in the email, malware was installed on the Citibank computer network, allowing cybercrime to be committed against Citibank. Max Butler even registered a fake web domain for the purpose of this scheme, FINANCIALEDGENEWS.COM.

Max Butler is now serving a 13-year federal prison sentence for computer and financial crimes. Here he is pictured in his standard-issue prison uniform.

A person should never click on any link in a questionable email, even if the email looks even slightly legitimate. Do not click on links in emails from people you do not know. Often when the link is clicked, malware will be installed on the user's computer.

Most often this malware will do one of several things, or even all of these things:

Scan the victim's computer for files containing passwords or financial info such as bank accounts and credit card numbers.

Install keylogger software on your computer that will record everything you type, specifically logins and passwords for online banking and PayPal.

Install botnet software on your computer. A botnet is a surreptitious software network that resides on victims' computers and allows the cybercriminals to send commands to those computers across the internet for various schemes. These often involve mass spam emails, using the victim's computer to launch attacks on other networks and disguise the true source of the attack, and distributed denial of service (DDoS) attacks, which are designed to overwhelm a website with massive page hits, slowing the website down and even making it completely unavailable.

I have started a collection of some of the common phishing emails that are circulating the internet that I have received in the past.

I received a few emails claiming that I have WhatsApp messages waiting for me. Dubious, since I have never used WhatsApp at any time. WhatsApp is a popular instant messaging client for smartphones that allows people to send messages to other users of WhatsApp. While not exceedingly popular in the USA, WhatsApp is very popular in other parts of the world such as India and Brazil. If you are like many Americans and do not use WhatsApp, never at any time click on the links of these emails. Here is a screenshot of one of these emails I received.

Some things show that this is obviously a fraudulent phishing email. Note the email address of the sender, emily-cronethe@meltzermandl.com: that is not an email address that the real WhatsApp would use; the real WhatsApp would use whatsapp.com as part of the sender email address. So that is a prime indicator that this email is fraudulent.

Also, the button titled AUTOPLAY does not link to the domain whatsapp.com; the link in this email is to LINUX1.NET/lake.php. A person can see this by hovering the mouse pointer over the AUTOPLAY button, without clicking the button. A real WhatsApp message would never use a link with that domain name.

This email tries to take advantage of a person's curiosity: "Oh, someone sent me a message, who?" Most likely what happens when a person clicks the link is that malware is installed on their computer, or a fake login page is displayed asking the victim for their WhatsApp login and password, or even both!
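The two checks described above (sender domain and link target), as an added example that is not part of the original post. The message is constructed: only the sender address and the link host and path come from the post, while the subject, recipient, body text and the `http://` scheme are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the WhatsApp email described above.
SAMPLE = """\
From: WhatsApp <emily-cronethe@meltzermandl.com>
To: reader@example.com
Subject: You have a new voice message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>You have a missed message.</p>
<a href="http://LINUX1.NET/lake.php">AUTOPLAY</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def check_email(raw, brand_domain):
    """Return (kind, host) findings that do not belong to brand_domain."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    findings = []
    if not in_domain(sender_host, brand_domain):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    for part in msg.walk():  # handles single-part and multipart mail
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlparse(href).hostname  # lowercased; None if no host part
        if host is not None and not in_domain(host, brand_domain):
            findings.append(("link", host))
    return findings
```

The suffix test in `in_domain` compares whole labels, so a lookalike host that merely contains or starts with the brand name is still reported.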

Next is the Viagra - Cialis scam email. This one is actually crafty, as it uses a Canadian sender email address domain; it's well known that prescription drugs are much lower priced in Canada. However, Viagra and Cialis would never sell at the prices listed in this email, even in Canada. Also, legally, drug producers are not allowed to solicit sales of drugs on the internet without the boilerplate health warnings required by law. Viagra typically sells for $20 to $50 a pill, never at the prices here. Click on the link and malware will be installed, or a fake webpage will gather your credit card information. It may even be possible that the victim would actually get pills in the mail, but they would certainly be fake pills.

Skype emails? Really? I was not aware that Skype lets you send an email, only instant messages and voice/video calls. Note the fake domains in this email that are not skype.com.

RUSSIAN Women? This is obviously a scam, also I have heard nothing but bad things about the Russian Bride Industry. Note the questionable sender email address domain name.

Facebook actually had a system before where people could have a facebook.com email address, however it never was popular and Facebook no longer promotes it. Note the domain on the sender email address is not facebook.com, marking this as an obvious fraud email. Also my Facebook page does not use my hotmail email address, another indicator of fraud.

Everyone would love to have a $100 credit to Amazon! But this email is a complete fraud, the sender email does not have the domain of amazon.com, and also the link does not link to an amazon.com link, so this is a complete fraud.

Note that these phishing emails all have a common purpose, to get you to click a link in the email.

NEVER AT ANY TIME CLICK LINKS IN EMAILS IF THERE IS ANY QUESTION ABOUT THE EMAIL!!